Is there a way to configure httpd to use specific responders for specific issuers?
For example: Suppose I have 2 self signed root CA's. CA1 and CA2. I also have 2 OCSP responders. RSP1 signed off CA1 and RSP2 signed off CA2. I would like to know if it's possible to configure a web server to send all client auth requests from users issued off CA1 to RSP1 and all clients issued off CA2 to RSP2. I am aware that the AIA extension allows you to map a certificate to a responder but I am looking for alternative solutions that allow the server to make the choice when no AIA is present. Something like: SSLOCSPEnable on SSLOCSPMATCH (regular expression to match Subject line of a CA1) http://rsp1.domain.com:80/ SSLOCSPMATCH (regular expression to match Subject line of a CA2) http://rsp2.domain.com:80/ Thanks, Dan Bryan
